This is an old revision of the document!

Integration with KeePass

If you use KeePass password manager, you may use it as a site manager for WinSCP.

Advertisement

Defining Site

Each KeePass password entry has a URL field, in addition to Password and User name fields. You can use the URL field to store other session data, particularly a hostname and a protocol, optionally also a port number (when using non-standard port). For example: sftp://example.com/.

Defining URL Overrides

To make the URLs in password entries working, define a URL override rule in KeePass Options.

Advertisement

In KeePass 2.x1 main window go to menu Tools > Options. Go to Integration tab and press URL Overrides button. On URL Overrides window press Add button.

On URL Override window, to Scheme field, enter protocol you want to handle with WinSCP, e.g. sftp or ftp. In URL Override field, enter:

cmd://"%PROGRAMFILES(x86)%\WinSCP\WinSCP.exe" {URL:SCM}://{USERNAME}:{PASSWORD}@{URL:HOST}:{T-REPLACE-RX:/{URL:PORT}/-1//}

On 32-bit systems, replace %PROGRAMFILES(x86)% with %PROGRAMFILES%.

The {T-REPLACE-RX:/{URL:PORT}/-1//} is a workaround for KeePass resolving the {URL:PORT} placeholder to -1, when a password entry URL field does not specify the port explicitly and KeePass does not know the protocol (such as sftp) to substitute a standard port.

See KeePass documentation for placeholders.

Repeat override definition for each protocol you want to use with WinSCP (sftp, ftp, ftps, scp, http, https). If you want to use WebDAV sessions, but you want to keep http protocol reserved for a web browser, you can use custom scheme for the protocol, e.g. webdav. Then, in the URL Override field, you need to explicitly use http, instead of referring by $${URL:SCM}$$ to the protocol from the password entry URL field.

Security Considerations

KeePass URL override rules pass the passwords to WinSCP via command-line. Command-line used to run any process can be read by malicious processes on your machine or persons. We recommend you manage your sites on WinSCP Login window and use a master password to protect them.

  1. See KeePass documentation for instructions for KeePass 1.xBack

Last modified: by martin